New TraceAssure Program from TraceSecurity Helps Banks and Credit Unions Protect Their Online Banking Customers from Internet Fraud and Identity Theft

Press Release , 03/01/2006

Program Leverages Groundbreaking TraceAssure Toolbar and TraceAssure Authentication Server to Ensure Safe, Secure Web Browsing and Enable Critical Two-Factor Authentication

BATON ROUGE, La. – (Mar. 1, 2006) – TraceSecurity, a leading provider of on-demand security compliance management software, today unveiled TraceAssure, a new program for financial institutions that enables them to offer their online banking customers the industry’s most advanced protection against Internet fraud and identity theft. Technologies introduced with the TraceAssure program include the free TraceAssure Toolbar and TraceAssure Authentication Server. TraceAssure Toolbar protects customers from malicious phishing, spear phishing, pharming and man-in-the-middle attacks while TraceAssure Authentication Server enables strong two-factor authentication account access.

There is no registration fee associated with the TraceAssure program. A bank or credit union with a Web presence simply registers its domain and IP address through the TraceAssure Manager link on the TraceSecurity Web site. Once registered, the domain is recognized by the TraceAssure Toolbar, a powerful utility which organizations can offer their customers to protect them against phishing, spear phishing, pharming and man-in-the-middle attacks. Identity thieves use these types of attacks in an effort to steal passwords, credit card information, etc., by either redirecting the user to a fraudulent Web site or trying to pose as a legitimate Web site. The TraceAssure Toolbar is designed to foil these types of attacks by letting users know immediately if the Web site they’ve navigated to is truly the organization they intended to visit. Using technology that cross references every Web page domain with a corresponding IP address, this information is then validated against a secure “White List” which has been compiled by TraceSecurity from data collected through TraceAssure Manager registrations. If a malicious site attempts to impersonate a legitimate Web site, it will fail authentication and an “Unknown” message is displayed directly on the TraceAssure Toolbar. In addition, if a malicious site tries to perform a man-in-the-middle style attack, in which a third-party attempts to intercept and reroute the user, TraceAssure Toolbar catches the IP address difference and warns the user with a “Malicious” notice. Legitimate sites display an “Authenticated” notice and sites registered by domain only will display as “Approved.”

“According to the FDIC, electronic fraud is rapidly on the rise, with account hijacking of particular concern,” said Pete Stewart, CEO of TraceSecurity.  “Left unchecked, these issues can quickly become a financial institution’s worst security compliance nightmare and ultimately lead to a rapid erosion of customer confidence and lost business revenue. We created the TraceAssure program to help financial institutions provide their customers the strongest possible protection against the most common real-world security threats.”

TraceAssure Toolbar becomes even more powerful when coupled with the TraceAssure Authentication Server. TraceAssure Authentication Server, installed at the financial institution, provides customers the added protection of two-factor authentication. Two-factor authentication, which utilizes a challenge/response methodology, is widely acknowledged by security experts as the best way to eliminate the growing threat of account hijacking and is highly recommended by the FDIC for thwarting Internet fraud.

Until now, single-factor password authentication had been the de facto standard for account access, with two-factor authentication reserved almost exclusively for corporate environments where there are a finite number of users, and the authentication device, such as tokens, ID cards, etc., can be easily controlled. Conversely, financial institutions are challenged with offering secure authentication to a dynamic customer base on a very large scale which makes the distribution of tokens or ID cards inefficient and cost-prohibitive.

TraceAssure Authentication Server, installed at an organization as a stand-alone server, generates strong two-factor authentication “keys” on-demand via the Web and within minutes makes them available to the consumer through the TraceAssure Toolbar. This model eliminates the need for expensive authentication devices and enables financial organizations to offer their customers the highest level of security at a very low deployment price point. And because TraceAssure Authentication Server is compatible with most online banking applications, installation and implementation is quick and seamless.

The TraceAssure program also enables organizations to offer their customers free co-branded online security training by TraceSecurity. This online security service teaches end users about topical security issues such as phishing while displaying the registered organization corporate name. Additionally, organizations are encouraged to place the “TraceAssure Enabled” certificate image on their Web sites, which immediately indicates to users that the site has been authenticated through TraceAssure.

The TraceAssure program, including TraceAssure Toolbar and TraceAssure Authentication Server join TraceSecurity’s growing family of security compliance management solutions. TraceSecurity Compliance Manager, the company’s flagship solution, helps customers quickly comply with regulations such as GLBA, Sarbanes-Oxley, and HIPAA, all of which mandate that companies protect the integrity and confidentiality of sensitive information. The software’s patent-pending technology automates vulnerability testing, policy management, employee education and board-level reporting.

Pricing and Availability
Participation in the TraceAssure program is free and is available now. To register visit https://www.tracesecurity.com/sa/signup.cfm. To download the TraceAssure Toolbar visit https://www.tracesecurity.com/sa/download.cfm. Introductory pricing for TraceAssure Authentication Server starts at $5,000 US with a $3,000 annual maintenance fee and is also available immediately.

About TraceSecurity
TraceSecurity is a leading provider of on-demand security compliance software and services. The company’s patent-pending enterprise software helps customers satisfy national and international data security compliance requirements mandated by such regulations as GLBA, Sarbanes-Oxley, and HIPAA. Over 350 global enterprises in the financial services, insurance, healthcare, government, manufacturing and services industries rely on TraceSecurity to continually monitor and improve the computer security of their companies. TraceSecurity’s products and services include on-demand vulnerability and compliance assessment software, social engineering audits, comprehensive security assessments and security strategy consulting. Headquartered in Baton Rouge, Louisiana, TraceSecurity maintains offices in Houston and Dallas, Texas, San Diego, California, and Portland, Oregon. The company can be reached by phone at (877)-275-3009 or on the Web at http://www.tracesecurity.com.